bug: add support to remove /usr/local from private-bin list, issue 778

1 files changed, 9 insertions, 0 deletions

diff --git a/src/firejail/checkcfg.c b/src/firejail/checkcfg.c
index fdd2b8edd..78c0e5c60 100644
--- a/src/firejail/checkcfg.c
+++ b/src/firejail/checkcfg.c
@@ -40,6 +40,7 @@ int checkcfg(int val) {
                         cfg_val[i] = 1; // most of them are enabled by default
                 cfg_val[CFG_RESTRICTED_NETWORK] = 0; // disabled by default
                 cfg_val[CFG_FORCE_NONEWPRIVS] = 0; // disabled by default
+                cfg_val[CFG_PRIVATE_BIN_NO_LOCAL] = 0; // disabled by default
                 
                 // open configuration file
                 char *fname;
@@ -258,6 +259,14 @@ int checkcfg(int val) {
                                 else
                                         goto errout;
                         }
+                        else if (strncmp(ptr, "private-bin-no-local ", 21) == 0) {
+                                if (strcmp(ptr + 21, "yes") == 0)
+                                        cfg_val[CFG_PRIVATE_BIN_NO_LOCAL] = 1;
+                                else if (strcmp(ptr + 21, "no") == 0)
+                                        cfg_val[CFG_PRIVATE_BIN_NO_LOCAL] = 0;
+                                else
+                                        goto errout;
+                        }
                         else
                                 goto errout;